Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CLI user commands #2153

Merged
merged 33 commits into from
Jan 12, 2023
Merged

Add CLI user commands #2153

merged 33 commits into from
Jan 12, 2023

Conversation

ThomasLaPiana
Copy link
Contributor

@ThomasLaPiana ThomasLaPiana commented Jan 6, 2023
edited by seanpreston
Loading

Closes #2136

Code Changes

  • add a fides user login CLI command (uses user endpoint, not client endpoint)
    • add logic for getting an access_token from the webserver with a username/password or with an existing credentials file
    • add logic for storing the access_token and the username in a .fides_credentials file in the user directory
    • Base64 encode the password before sending it
  • add a fides user create command for creating a user
  • add a fides user permissions command for showing the scopes of the current user
  • add tests for all of the above
  • use matching username/password options for commands that require it (login and create, for example)
  • allow for credentials file path override via env var

Relevant Links:

Steps to Confirm

  • make sure the webserver is available when running your commands
  • run fides db reset -y to clear the database of any existing users
  • run fides user login -u root_user -p Testpassword1! and verify a credentials file is written with the correct info
  • run fides user login and verify that you're prompted for the username and password, and that the password is hidden
  • run fides user login -u fidesadmin -p wrongpassword and verify the error message
  • run fides user create newuser HolyCow1*1 and confirm that a new user is created
  • run fides user login -u newuser -p HolyCow1*1 and confirm that the login is successful and the credentials file is updated
  • run fides user permissions and verify that the permissions are correct (all permissions)
  • set the FIDES_CREDENTIALS_PATH env var and confirm that is respected as the path for the credentials file

Pre-Merge Checklist

Description Of Changes

This PR adds a user command group to the CLI that allows the CLI to authenticate with the webserver and store the username, password, access_token and id in a local .fides_credentials file

@ThomasLaPiana ThomasLaPiana self-assigned this Jan 6, 2023
@ThomasLaPiana
Copy link
Contributor Author

Bug Found: root client can't get their own scopes

@ThomasLaPiana
Copy link
Contributor Author

Potential bug found: I created a new user but when I search for that user, the search turns up empty

@ThomasLaPiana ThomasLaPiana changed the title Add CLI login Add CLI user commands Jan 6, 2023
@ThomasLaPiana
Copy link
Contributor Author

@sanders41 do you think I should be using clients or users here? I'm thinking users is what we actually want, since clients are ephemeral API users created by actual users right?

@sanders41
Copy link
Contributor

@sanders41 do you think I should be using clients or users here? I'm thinking users is what we actually want, since clients are ephemeral API users created by actual users right?

Right, I would use users

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 6, 2023
View reviewed changes
src/fides/core/user.py Fixed Show fixed Hide fixed
@ThomasLaPiana
Copy link
Contributor Author

running into a perplexing error:

fides> fides user create newusera Newpass!word1
Loading config from: .fides/fides.toml
{'username': 'newusera', 'password': 'Newpass!word1'}
{ 'detail': [ { 'loc': ['body', 'password'],
                'msg': "'utf-8' codec can't decode byte 0xec in position 1: "
                       'invalid continuation byte',
                'type': 'value_error.unicodedecode'}]}

Trying to create a new user via the API and I am getting this error about the password, but it doesn't happen when using the Swagger docs so it must be something with the way I'm sending the request....

@ThomasLaPiana
Copy link
Contributor Author

running into a perplexing error:

fides> fides user create newusera Newpass!word1
Loading config from: .fides/fides.toml
{'username': 'newusera', 'password': 'Newpass!word1'}
{ 'detail': [ { 'loc': ['body', 'password'],
                'msg': "'utf-8' codec can't decode byte 0xec in position 1: "
                       'invalid continuation byte',
                'type': 'value_error.unicodedecode'}]}

Trying to create a new user via the API and I am getting this error about the password, but it doesn't happen when using the Swagger docs so it must be something with the way I'm sending the request....

@sanders41 I confirmed that that password specifically was causing the issue, if I make the same call with HolyCow1*1 it works perfectly.

Any idea why? What is weird about Newpassword1!?

@ThomasLaPiana ThomasLaPiana mentioned this pull request Jan 9, 2023
Closed
@sanders41
Copy link
Contributor

I’m on my phone instead of computer at the moment so I can’t test this, but I think the issue, may be that the endpoint expects to receive the password as a base64 encoded string (see here). So I am thinking maybe it can decode HolyCow1*1 as if it was base64 encoded but not Newpassword1!

@ThomasLaPiana
Copy link
Contributor Author

I’m on my phone instead of computer at the moment so I can’t test this, but I think the issue, may be that the endpoint expects to receive the password as a base64 encoded string (see here). So I am thinking maybe it can decode HolyCow1*1 as if it was base64 encoded but not Newpassword1!

Ah I see......that'd do it

@ThomasLaPiana ThomasLaPiana marked this pull request as ready for review January 10, 2023 08:08
sanders41
sanders41 suggested changes Jan 10, 2023
View reviewed changes
src/fides/cli/commands/user.py Show resolved Hide resolved
src/fides/cli/commands/user.py Outdated Show resolved Hide resolved
src/fides/core/user.py Show resolved Hide resolved
tests/ctl/cli/test_cli.py Show resolved Hide resolved
@ThomasLaPiana
Copy link
Contributor Author

ThomasLaPiana commented Jan 11, 2023
edited
Loading

New login flow:

No options provided

fides> fides user login
Loading config from: .fides/fides.toml
Username: root_user
Password: 
Logged in as user: root_user
Credentials file written to: C:\Users\tlapiana/.fides_credentials

Username provided only

fides> fides user login -u root_user
Loading config from: .fides/fides.toml
Password: 
Logged in as user: root_user
Credentials file written to: C:\Users\tlapiana/.fides_credentials

Password provided only

fides> fides user login -p Testpassword1!
Loading config from: .fides/fides.toml
Username: root_user
Logged in as user: root_user
Credentials file written to: C:\Users\tlapiana/.fides_credentials

@ThomasLaPiana ThomasLaPiana merged commit e88907c into main Jan 12, 2023
@ThomasLaPiana ThomasLaPiana deleted the ThomasLaPiana-add-CLI-login branch January 12, 2023 04:07
@seanpreston seanpreston mentioned this pull request Jan 21, 2023
Closed
@tariqajyusuf tariqajyusuf mentioned this pull request Mar 5, 2024
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sanders41 sanders41 sanders41 approved these changes

@SteveDMurphy SteveDMurphy Awaiting requested review from SteveDMurphy

Assignees

@ThomasLaPiana ThomasLaPiana

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add CLI user commands
2 participants
@ThomasLaPiana @sanders41